From fa2279d443eb2e24b4aff693f478e93481cd347b Mon Sep 17 00:00:00 2001 From: Predrag Gruevski Date: Mon, 28 Mar 2016 19:58:45 +0000 Subject: [PATCH 1/3] Sanitize query operator arguments. --- pyorient/ogm/query.py | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/pyorient/ogm/query.py b/pyorient/ogm/query.py index 8042d6f3..15163c14 100644 --- a/pyorient/ogm/query.py +++ b/pyorient/ogm/query.py @@ -160,6 +160,8 @@ def all(self): g = self._graph + print('SELECTED:', select) + response = g.client.command(select) if response: # TODO Determine which other queries always take only one iteration @@ -318,7 +320,7 @@ def filter_string(self, expression_root): elif op is Operator.Between: far_right = PropertyEncoder.encode_value(expression_root.operands[2]) return u'{0} BETWEEN {1} and {2}'.format( - left_str, right, far_right) + left_str, PropertyEncoder.encode_value(right), far_right) elif op is Operator.Contains: if isinstance(right, LogicalConnective): return u'{0} contains({1})'.format( @@ -327,19 +329,19 @@ def filter_string(self, expression_root): return u'{} in {}'.format( PropertyEncoder.encode_value(right), left_str) elif op is Operator.EndsWith: - return u'{0} like \'%{1}\''.format(left_str, right) + return u'{0} like {1}'.format(left_str, PropertyEncoder.encode_value('%' + right)) elif op is Operator.Is: if not right: # :) return '{0} is null'.format(left_str) elif op is Operator.Like: - return u'{0} like \'{1}\''.format( - left_str, right) + return u'{0} like {1}'.format( + left_str, PropertyEncoder.encode_value(right)) elif op is Operator.Matches: - return u'{0} matches \'{1}\''.format( - left_str, right) + return u'{0} matches {1}'.format( + left_str, PropertyEncoder.encode_value(right)) elif op is Operator.StartsWith: - return u'{0} like \'{1}%\''.format( - left_str, right) + return u'{0} like {1}'.format( + left_str, PropertyEncoder.encode_value(right + '%')) else: return u'{0} {1} {2}'.format( self.filter_string(left) 
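Review bot: In the EndsWith and StartsWith branches the wildcard is concatenated onto `right` before encoding (`PropertyEncoder.encode_value('%' + right)` and `PropertyEncoder.encode_value(right + '%')`), so a `%` already present in a caller-supplied value still acts as a LIKE wildcard and can widen the match beyond a plain suffix or prefix test; quoting the literal does not cover that. The same two expressions now raise a bare TypeError when `right` is not a string, where the old `format` call would have stringified it, so an explicit type check with a clear message before the concatenation would be safer. `PropertyEncoder.encode_value` is defined outside this diff, so it needs confirming that it escapes quotes and backslashes for every string type these operators accept, ideally with a regression test that passes a value containing `'` through Between, EndsWith, Like, Matches and StartsWith. The body of `filter_string` starts and ends outside the hunk.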
From 1f8f0d743ae3dfe1822ccb6187299d7674172624 Mon Sep 17 00:00:00 2001 From: Predrag Gruevski Date: Mon, 28 Mar 2016 21:27:43 +0000 Subject: [PATCH 2/3] Added closing else block with assertion error. --- pyorient/ogm/query.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pyorient/ogm/query.py b/pyorient/ogm/query.py index 15163c14..87493dbf 100644 --- a/pyorient/ogm/query.py +++ b/pyorient/ogm/query.py @@ -342,6 +342,8 @@ def filter_string(self, expression_root): elif op is Operator.StartsWith: return u'{0} like {1}'.format( left_str, PropertyEncoder.encode_value(right + '%')) + else: + raise AssertionError('Unhandled Operator type: {}'.format(op)) else: return u'{0} {1} {2}'.format( self.filter_string(left) From 333b257eb69cd93da6f7e5449f4f69979e1a1e9b Mon Sep 17 00:00:00 2001 From: Predrag Gruevski Date: Tue, 29 Mar 2016 21:02:46 +0000 Subject: [PATCH 3/3] Removed print statement used for debugging. --- pyorient/ogm/query.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/pyorient/ogm/query.py b/pyorient/ogm/query.py index 87493dbf..336c0abf 100644 --- a/pyorient/ogm/query.py +++ b/pyorient/ogm/query.py @@ -160,8 +160,6 @@ def all(self): g = self._graph - print('SELECTED:', select) - response = g.client.command(select) if response: # TODO Determine which other queries always take only one iteration
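Review bot: The added `else` only catches operators that have no branch at all, so the `Operator.Is` branch shown as context in patch 1/3 still has a silent path: when `right` is truthy its `if not right:` has no `else`, and `filter_string` appears to fall out of the chain and return None. That None would then presumably be formatted into the surrounding query text rather than rejected, so I would close that path the same way, for example `else: raise ValueError('Operator.Is only supports null comparison')` inside the `Is` branch. For the new line itself, `raise AssertionError(...)` is not stripped under `-O`, but a `ValueError` or `NotImplementedError` would let callers tell bad input apart from an internal invariant failure. The rest of `filter_string` lies outside the hunk, so the fall-through should be confirmed against the full function.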